From unknown Fri Aug 15 12:51:31 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#19098 <19098@debbugs.gnu.org> To: bug#19098 <19098@debbugs.gnu.org> Subject: Status: 24.4.51; gnutls.c doesn't handle wildcard certificates Reply-To: bug#19098 <19098@debbugs.gnu.org> Date: Fri, 15 Aug 2025 19:51:31 +0000 retitle 19098 24.4.51; gnutls.c doesn't handle wildcard certificates reassign 19098 emacs submitter 19098 Lars Magne Ingebrigtsen severity 19098 normal tag 19098 notabug thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Nov 18 13:02:22 2014 Received: (at submit) by debbugs.gnu.org; 18 Nov 2014 18:02:22 +0000 Received: from localhost ([127.0.0.1]:37492 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xqn6a-0003H9-SP for submit@debbugs.gnu.org; Tue, 18 Nov 2014 13:02:22 -0500 Received: from eggs.gnu.org ([208.118.235.92]:44323) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xqn6W-0003Gy-AO for submit@debbugs.gnu.org; Tue, 18 Nov 2014 13:02:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xqn6Q-0003ay-F7 for submit@debbugs.gnu.org; Tue, 18 Nov 2014 13:02:15 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:44418) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqn6Q-0003au-Ck for submit@debbugs.gnu.org; Tue, 18 Nov 2014 13:02:10 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:45993) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqn6K-0005sp-G7 for bug-gnu-emacs@gnu.org; Tue, 18 Nov 2014 13:02:10 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xqn6D-0003Zf-06 for bug-gnu-emacs@gnu.org; Tue, 18 Nov 2014 13:02:04 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:53448) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xqn6C-0003ZY-I7 for bug-gnu-emacs@gnu.org; Tue, 18 Nov 2014 13:01:56 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Xqn5p-00037i-N2 for bug-gnu-emacs@gnu.org; Tue, 18 Nov 2014 19:01:33 +0100 From: Lars Magne Ingebrigtsen To: bug-gnu-emacs@gnu.org Subject: 24.4.51; gnutls.c doesn't handle wildcard certificates X-Now-Playing: Talking Heads's _Once In A Lifetime (2)_: "Making Flippy Floppy" X-Hashcash: 1:23:141118:bug-gnu-emacs@gnu.org::1uEyjOlpwNtKvUIP:0000000000000000000000000000000000000000a1fv Date: Tue, 18 Nov 2014 19:01:33 +0100 Message-ID: MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Xqn5p-00037i-N2 X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1416938494.00406@IFv4qGhb1K/y5AuIqQ4/bg X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) The new NSM code uncovered this problem: -------- Certificate issued by GeoTrust SSL CA - G3 Issued to Tumblr, Inc. Certificate host name: *.media.tumblr.com Public key: RSA, signature: RSA-SHA256, security level: Low Valid from: 2014-09-30, valid to: 2016-04-08 The TLS connection to 33.media.tumblr.com:443 is insecure for the following reason: certificate could not be verified -------- So the host checking code in, I think, gnutls-negotiate should be extended to understand things like "*.media.tumblr.com". In GNU Emacs 24.4.51.61 (x86_64-unknown-linux-gnu, X toolkit, Xaw scroll bars) of 2014-11-18 on stories Repository revision: f924c7deeb96d2caf0d0e4fabc6008204984feeb Windowing system distributor `The X.Org Foundation', version 11.0.11204000 System Description: Debian GNU/Linux 7.6 (wheezy) Important settings: value of $LANG: en_US locale-coding-system: iso-latin-1-unix Major mode: Help Minor modes in effect: shell-dirtrack-mode: t diff-auto-refine-mode: t tooltip-mode: t electric-indent-mode: t mouse-wheel-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t buffer-read-only: t line-number-mode: t Recent messages: Reading active file from archive via nnfolder...done Reading active file from archive via nnfolder...done Reading active file via nndraft...done Reading active file via nnmbox...done Checking new news...done Auto-saving...done mouse-2: show the MIME part; down-mouse-3: more options Type "q" in help window to restore its previous buffer. Mark set [2 times] Making completion list... Load-path shadows: /home/larsi/.emacs.d/elpa/debbugs-0.6/debbugs-gnu hides ~/src/elpa/elpa/packages/debbugs/debbugs-gnu /home/larsi/.emacs.d/elpa/debbugs-0.6/debbugs-pkg hides ~/src/elpa/elpa/packages/debbugs/debbugs-pkg /home/larsi/.emacs.d/elpa/debbugs-0.6/debbugs hides ~/src/elpa/elpa/packages/debbugs/debbugs /home/larsi/mgnus/lisp/compface hides ~/pgnus/contrib/compface /home/larsi/src/clock.el/clock hides /home/larsi/lisp/clock /home/larsi/src/cddb.el/expect hides /home/larsi/lisp/expect /home/larsi/src/pvr.el/pvr hides /home/larsi/lisp/pvr ~/pgnus/contrib/vcard hides /home/larsi/lisp/vcard /home/larsi/src/cddb.el/captitle hides /home/larsi/lisp/captitle ~/lisp/zenirc-2.112/src/zenirc-example hides /home/larsi/lisp/zenirc-example /home/larsi/mgnus/lisp/format-spec hides /home/larsi/src/emacs/nsm/lisp/format-spec /home/larsi/mgnus/lisp/hex-util hides /home/larsi/src/emacs/nsm/lisp/hex-util /home/larsi/mgnus/lisp/color hides /home/larsi/src/emacs/nsm/lisp/color /home/larsi/mgnus/lisp/md4 hides /home/larsi/src/emacs/nsm/lisp/md4 /home/larsi/mgnus/lisp/password-cache hides /home/larsi/src/emacs/nsm/lisp/password-cache /home/larsi/mgnus/lisp/dns-mode hides /home/larsi/src/emacs/nsm/lisp/textmodes/dns-mode /home/larsi/mgnus/lisp/sasl-ntlm hides /home/larsi/src/emacs/nsm/lisp/net/sasl-ntlm /home/larsi/mgnus/lisp/dns hides /home/larsi/src/emacs/nsm/lisp/net/dns /home/larsi/mgnus/lisp/hmac-def hides /home/larsi/src/emacs/nsm/lisp/net/hmac-def /home/larsi/mgnus/lisp/ntlm hides /home/larsi/src/emacs/nsm/lisp/net/ntlm /home/larsi/mgnus/lisp/tls hides /home/larsi/src/emacs/nsm/lisp/net/tls /home/larsi/mgnus/lisp/sasl-digest hides /home/larsi/src/emacs/nsm/lisp/net/sasl-digest /home/larsi/mgnus/lisp/netrc hides /home/larsi/src/emacs/nsm/lisp/net/netrc /home/larsi/mgnus/lisp/sasl-cram hides /home/larsi/src/emacs/nsm/lisp/net/sasl-cram /home/larsi/mgnus/lisp/hmac-md5 hides /home/larsi/src/emacs/nsm/lisp/net/hmac-md5 /home/larsi/mgnus/lisp/dig hides /home/larsi/src/emacs/nsm/lisp/net/dig /home/larsi/mgnus/lisp/sasl hides /home/larsi/src/emacs/nsm/lisp/net/sasl /home/larsi/mgnus/lisp/uudecode hides /home/larsi/src/emacs/nsm/lisp/mail/uudecode /home/larsi/mgnus/lisp/hashcash hides /home/larsi/src/emacs/nsm/lisp/mail/hashcash /home/larsi/mgnus/lisp/binhex hides /home/larsi/src/emacs/nsm/lisp/mail/binhex /home/larsi/mgnus/lisp/nndoc hides /home/larsi/src/emacs/nsm/lisp/gnus/nndoc /home/larsi/mgnus/lisp/mm-partial hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-partial /home/larsi/mgnus/lisp/gnus-srvr hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-srvr /home/larsi/mgnus/lisp/mailcap hides /home/larsi/src/emacs/nsm/lisp/gnus/mailcap /home/larsi/mgnus/lisp/gnus-range hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-range /home/larsi/mgnus/lisp/rfc1843 hides /home/larsi/src/emacs/nsm/lisp/gnus/rfc1843 /home/larsi/mgnus/lisp/nneething hides /home/larsi/src/emacs/nsm/lisp/gnus/nneething /home/larsi/mgnus/lisp/gnus-logic hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-logic /home/larsi/mgnus/lisp/spam-wash hides /home/larsi/src/emacs/nsm/lisp/gnus/spam-wash /home/larsi/mgnus/lisp/nnmail hides /home/larsi/src/emacs/nsm/lisp/gnus/nnmail /home/larsi/mgnus/lisp/nnmbox hides /home/larsi/src/emacs/nsm/lisp/gnus/nnmbox /home/larsi/mgnus/lisp/gssapi hides /home/larsi/src/emacs/nsm/lisp/gnus/gssapi /home/larsi/mgnus/lisp/gnus-agent hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-agent /home/larsi/mgnus/lisp/mail-parse hides /home/larsi/src/emacs/nsm/lisp/gnus/mail-parse /home/larsi/mgnus/lisp/mml-smime hides /home/larsi/src/emacs/nsm/lisp/gnus/mml-smime /home/larsi/mgnus/lisp/gnus-msg hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-msg /home/larsi/mgnus/lisp/gnus-icalendar hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-icalendar /home/larsi/mgnus/lisp/gnus-fun hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-fun /home/larsi/mgnus/lisp/mail-source hides /home/larsi/src/emacs/nsm/lisp/gnus/mail-source /home/larsi/mgnus/lisp/mm-encode hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-encode /home/larsi/mgnus/lisp/gnus-cache hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-cache /home/larsi/mgnus/lisp/mm-util hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-util /home/larsi/mgnus/lisp/mm-archive hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-archive /home/larsi/mgnus/lisp/nnnil hides /home/larsi/src/emacs/nsm/lisp/gnus/nnnil /home/larsi/mgnus/lisp/mml2015 hides /home/larsi/src/emacs/nsm/lisp/gnus/mml2015 /home/larsi/mgnus/lisp/nnoo hides /home/larsi/src/emacs/nsm/lisp/gnus/nnoo /home/larsi/mgnus/lisp/messcompat hides /home/larsi/src/emacs/nsm/lisp/gnus/messcompat /home/larsi/mgnus/lisp/gnus-sync hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-sync /home/larsi/mgnus/lisp/nnweb hides /home/larsi/src/emacs/nsm/lisp/gnus/nnweb /home/larsi/mgnus/lisp/nnrss hides /home/larsi/src/emacs/nsm/lisp/gnus/nnrss /home/larsi/mgnus/lisp/legacy-gnus-agent hides /home/larsi/src/emacs/nsm/lisp/gnus/legacy-gnus-agent /home/larsi/mgnus/lisp/nnspool hides /home/larsi/src/emacs/nsm/lisp/gnus/nnspool /home/larsi/mgnus/lisp/compface hides /home/larsi/src/emacs/nsm/lisp/gnus/compface /home/larsi/mgnus/lisp/smime hides /home/larsi/src/emacs/nsm/lisp/gnus/smime /home/larsi/mgnus/lisp/ietf-drums hides /home/larsi/src/emacs/nsm/lisp/gnus/ietf-drums /home/larsi/mgnus/lisp/yenc hides /home/larsi/src/emacs/nsm/lisp/gnus/yenc /home/larsi/mgnus/lisp/gnus-delay hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-delay /home/larsi/mgnus/lisp/gnus-async hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-async /home/larsi/mgnus/lisp/nnmh hides /home/larsi/src/emacs/nsm/lisp/gnus/nnmh /home/larsi/mgnus/lisp/mm-url hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-url /home/larsi/mgnus/lisp/gnus-picon hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-picon /home/larsi/mgnus/lisp/gnus-bookmark hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-bookmark /home/larsi/mgnus/lisp/gnus-diary hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-diary /home/larsi/mgnus/lisp/html2text hides /home/larsi/src/emacs/nsm/lisp/gnus/html2text /home/larsi/mgnus/lisp/nndraft hides /home/larsi/src/emacs/nsm/lisp/gnus/nndraft /home/larsi/mgnus/lisp/auth-source hides /home/larsi/src/emacs/nsm/lisp/gnus/auth-source /home/larsi/mgnus/lisp/gnus-bcklg hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-bcklg /home/larsi/mgnus/lisp/gnus-win hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-win /home/larsi/mgnus/lisp/gnus-salt hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-salt /home/larsi/mgnus/lisp/rfc2045 hides /home/larsi/src/emacs/nsm/lisp/gnus/rfc2045 /home/larsi/mgnus/lisp/gnus-draft hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-draft /home/larsi/mgnus/lisp/gnus-spec hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-spec /home/larsi/mgnus/lisp/nnir hides /home/larsi/src/emacs/nsm/lisp/gnus/nnir /home/larsi/mgnus/lisp/mm-uu hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-uu /home/larsi/mgnus/lisp/rfc2104 hides /home/larsi/src/emacs/nsm/lisp/gnus/rfc2104 /home/larsi/mgnus/lisp/nngateway hides /home/larsi/src/emacs/nsm/lisp/gnus/nngateway /home/larsi/mgnus/lisp/gnus-sum hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-sum /home/larsi/mgnus/lisp/mail-prsvr hides /home/larsi/src/emacs/nsm/lisp/gnus/mail-prsvr /home/larsi/mgnus/lisp/gnus-dup hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-dup /home/larsi/mgnus/lisp/score-mode hides /home/larsi/src/emacs/nsm/lisp/gnus/score-mode /home/larsi/mgnus/lisp/starttls hides /home/larsi/src/emacs/nsm/lisp/gnus/starttls /home/larsi/mgnus/lisp/plstore hides /home/larsi/src/emacs/nsm/lisp/gnus/plstore /home/larsi/mgnus/lisp/gnus-topic hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-topic /home/larsi/mgnus/lisp/gnus-notifications hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-notifications /home/larsi/mgnus/lisp/registry hides /home/larsi/src/emacs/nsm/lisp/gnus/registry /home/larsi/mgnus/lisp/mml-sec hides /home/larsi/src/emacs/nsm/lisp/gnus/mml-sec /home/larsi/mgnus/lisp/nnmaildir hides /home/larsi/src/emacs/nsm/lisp/gnus/nnmaildir /home/larsi/mgnus/lisp/nnbabyl hides /home/larsi/src/emacs/nsm/lisp/gnus/nnbabyl /home/larsi/mgnus/lisp/sieve hides /home/larsi/src/emacs/nsm/lisp/gnus/sieve /home/larsi/mgnus/lisp/qp hides /home/larsi/src/emacs/nsm/lisp/gnus/qp /home/larsi/mgnus/lisp/nnregistry hides /home/larsi/src/emacs/nsm/lisp/gnus/nnregistry /home/larsi/mgnus/lisp/gnus-art hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-art /home/larsi/mgnus/lisp/gnus-dired hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-dired /home/larsi/mgnus/lisp/gnus-util hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-util /home/larsi/mgnus/lisp/nnheader hides /home/larsi/src/emacs/nsm/lisp/gnus/nnheader /home/larsi/mgnus/lisp/gnus-demon hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-demon /home/larsi/mgnus/lisp/message hides /home/larsi/src/emacs/nsm/lisp/gnus/message /home/larsi/mgnus/lisp/rfc2231 hides /home/larsi/src/emacs/nsm/lisp/gnus/rfc2231 /home/larsi/mgnus/lisp/canlock hides /home/larsi/src/emacs/nsm/lisp/gnus/canlock /home/larsi/mgnus/lisp/mm-extern hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-extern /home/larsi/mgnus/lisp/gnus-undo hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-undo /home/larsi/mgnus/lisp/mm-bodies hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-bodies /home/larsi/mgnus/lisp/gnus-score hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-score /home/larsi/mgnus/lisp/gnus-mh hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-mh /home/larsi/mgnus/lisp/nnvirtual hides /home/larsi/src/emacs/nsm/lisp/gnus/nnvirtual /home/larsi/mgnus/lisp/spam-report hides /home/larsi/src/emacs/nsm/lisp/gnus/spam-report /home/larsi/mgnus/lisp/nndiary hides /home/larsi/src/emacs/nsm/lisp/gnus/nndiary /home/larsi/mgnus/lisp/sieve-manage hides /home/larsi/src/emacs/nsm/lisp/gnus/sieve-manage /home/larsi/mgnus/lisp/mml1991 hides /home/larsi/src/emacs/nsm/lisp/gnus/mml1991 /home/larsi/mgnus/lisp/gnus-eform hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-eform /home/larsi/mgnus/lisp/mml hides /home/larsi/src/emacs/nsm/lisp/gnus/mml /home/larsi/mgnus/lisp/gravatar hides /home/larsi/src/emacs/nsm/lisp/gnus/gravatar /home/larsi/mgnus/lisp/nntp hides /home/larsi/src/emacs/nsm/lisp/gnus/nntp /home/larsi/mgnus/lisp/ecomplete hides /home/larsi/src/emacs/nsm/lisp/gnus/ecomplete /home/larsi/mgnus/lisp/rtree hides /home/larsi/src/emacs/nsm/lisp/gnus/rtree /home/larsi/mgnus/lisp/gnus-int hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-int /home/larsi/mgnus/lisp/gnus-sieve hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-sieve /home/larsi/mgnus/lisp/smiley hides /home/larsi/src/emacs/nsm/lisp/gnus/smiley /home/larsi/mgnus/lisp/gnus hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus /home/larsi/mgnus/lisp/gnus-cus hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-cus /home/larsi/mgnus/lisp/nnfolder hides /home/larsi/src/emacs/nsm/lisp/gnus/nnfolder /home/larsi/mgnus/lisp/nnmairix hides /home/larsi/src/emacs/nsm/lisp/gnus/nnmairix /home/larsi/mgnus/lisp/pop3 hides /home/larsi/src/emacs/nsm/lisp/gnus/pop3 /home/larsi/mgnus/lisp/gnus-start hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-start /home/larsi/mgnus/lisp/nnml hides /home/larsi/src/emacs/nsm/lisp/gnus/nnml /home/larsi/mgnus/lisp/gnus-vm hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-vm /home/larsi/mgnus/lisp/gnus-mlspl hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-mlspl /home/larsi/mgnus/lisp/gnus-registry hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-registry /home/larsi/mgnus/lisp/gnus-ml hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-ml /home/larsi/mgnus/lisp/gnus-gravatar hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-gravatar /home/larsi/mgnus/lisp/spam hides /home/larsi/src/emacs/nsm/lisp/gnus/spam /home/larsi/mgnus/lisp/gnus-cite hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-cite /home/larsi/mgnus/lisp/flow-fill hides /home/larsi/src/emacs/nsm/lisp/gnus/flow-fill /home/larsi/mgnus/lisp/mm-view hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-view /home/larsi/mgnus/lisp/gnus-html hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-html /home/larsi/mgnus/lisp/gnus-uu hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-uu /home/larsi/mgnus/lisp/deuglify hides /home/larsi/src/emacs/nsm/lisp/gnus/deuglify /home/larsi/mgnus/lisp/spam-stat hides /home/larsi/src/emacs/nsm/lisp/gnus/spam-stat /home/larsi/mgnus/lisp/nndir hides /home/larsi/src/emacs/nsm/lisp/gnus/nndir /home/larsi/mgnus/lisp/gnus-kill hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-kill /home/larsi/mgnus/lisp/gnus-ems hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-ems /home/larsi/mgnus/lisp/gnus-group hides /home/larsi/src/emacs/nsm/lisp/gnus/gnus-group /home/larsi/mgnus/lisp/nnagent hides /home/larsi/src/emacs/nsm/lisp/gnus/nnagent /home/larsi/mgnus/lisp/sieve-mode hides /home/larsi/src/emacs/nsm/lisp/gnus/sieve-mode /home/larsi/mgnus/lisp/rfc2047 hides /home/larsi/src/emacs/nsm/lisp/gnus/rfc2047 /home/larsi/mgnus/lisp/gmm-utils hides /home/larsi/src/emacs/nsm/lisp/gnus/gmm-utils /home/larsi/mgnus/lisp/utf7 hides /home/larsi/src/emacs/nsm/lisp/gnus/utf7 /home/larsi/mgnus/lisp/nnimap hides /home/larsi/src/emacs/nsm/lisp/gnus/nnimap /home/larsi/mgnus/lisp/mm-decode hides /home/larsi/src/emacs/nsm/lisp/gnus/mm-decode /home/larsi/mgnus/lisp/time-date hides /home/larsi/src/emacs/nsm/lisp/calendar/time-date /home/larsi/mgnus/lisp/parse-time hides /home/larsi/src/emacs/nsm/lisp/calendar/parse-time Features: (shadow emacsbug vc-bzr vc-sccs vc-svn vc-rcs vc-dir ewoc thingatpt texinfo shell pcomplete grep compile comint flow-fill pp mailalias smtpmail sendmail bug-reference log-edit ring pcvs-util whitespace diff-mode vc vc-dispatcher apropos eieio-opt speedbar sb-image ezimage dframe find-func misearch multi-isearch shr-color color canlock hashcash ecomplete eww copyright vc-cvs url-queue mule-util gnus-html url-cache shr mm-archive gnus-picon sort smiley ansi-color gnus-cite gnus-async gnus-dup qp gnus-ml gmane spam-gmane dns mm-url disp-table gnus-fun gnus-mdrtn gnus-topic pop3 nndoc nnmbox nndraft utf-7 help-mode nnmh nnml nnfolder gnutls network-stream nsm starttls nnir spam-report spam spam-stat gnus-uu yenc gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art mm-uu mml2015 mm-view mml-smime smime dig nntp gnus-cache gnus-sum gnus-group gnus-undo gnus-start gnus-cloud nnimap nnmail mail-source utf7 netrc nnoo parse-time gnus-spec gnus-int gnus-range message format-spec rfc822 mml mml-sec mailabbrev gmm-utils mailheader gnus-win gnus-load gnus gnus-ems gnus-compat nnheader mail-utils vc-git package epg-config debug debbugs-gnu easy-mmode derived debbugs soap-client mm-decode mm-bodies mm-encode url-http tls url-auth mail-parse rfc2231 rfc2047 rfc2045 ietf-drums url-gw url url-proxy url-privacy url-expand url-methods url-history url-cookie url-domsuf url-util url-parse auth-source eieio byte-opt bytecomp byte-compile cl-extra cconv eieio-core gnus-util mm-util help-fns mail-prsvr password-cache url-vars mailcap warnings xml ido flyspell ispell benchmark w3m browse-url doc-view dired image-mode easymenu timezone w3m-hist w3m-fb w3m-ems wid-edit w3m-ccl ccl w3m-favicon w3m-image w3m-proc w3m-util cl-macs add-log mail-extr jka-compr cl gv cl-loaddefs cl-lib time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process gfilenotify dynamic-setting system-font-setting font-render-setting x-toolkit x multi-tty emacs) Memory information: ((conses 16 706035 121227) (symbols 48 166335 29) (miscs 40 590 3166) (strings 32 224229 24050) (string-bytes 1 8107911) (vectors 16 39915) (vector-slots 8 1702537 199318) (floats 8 6807 2470) (intervals 56 24607 1215) (buffers 960 125) (heap 1024 117932 43945)) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Wed Nov 19 16:03:01 2014 Received: (at 19098) by debbugs.gnu.org; 19 Nov 2014 21:03:01 +0000 Received: from localhost ([127.0.0.1]:38726 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XrCOv-0004n0-4o for submit@debbugs.gnu.org; Wed, 19 Nov 2014 16:03:01 -0500 Received: from mail-qg0-f49.google.com ([209.85.192.49]:55900) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XrCOp-0004mi-7f for 19098@debbugs.gnu.org; Wed, 19 Nov 2014 16:02:55 -0500 Received: by mail-qg0-f49.google.com with SMTP id a108so1096623qge.36 for <19098@debbugs.gnu.org>; Wed, 19 Nov 2014 13:02:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=i7mvhRfSh/Wta5n8bay1E1ce+nWbEovAJQ/RhuZE1g0=; b=CrQO6OJhXThzE6/Wyw1eh4Ve9MeDsCa7rL0pFMiWDjFmVlhQ9IBiE+P6zCQZE3/9qv ySUkI7g2CJuxAshC6t/YK4wRcBL/u80x4KEavUgDqw1L7DxjwecMa/Omhl0LeVmXBeOc SxYOodUMRW1GK+ZWRtiFE5c74NE82+gnEAc64= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=i7mvhRfSh/Wta5n8bay1E1ce+nWbEovAJQ/RhuZE1g0=; b=egTOkHyXQarjOfDCLipZO00u+56BzG9Z/c9aNSeoNwM+YNO//A1RwX/69mgpTg7vih MUBYPLEcCZ1dtdkUTr4j6Df9q5l6Oh8Qi/eKCLyvjCy2Sv0eGX4c0MnsQ8A/2Jg1zNyt PIvyGw9OGZONSnnOwF45BC/ZeexiEEUj1VCUgOQo8gbA9J4FUlnSNLmRsfMS26fc1QFi hAPSZav6SJmmVhkThiqHFiecaxwYOwkg75duSIj/+cIgTcqzZ7nX4smc3e2SjiDQPfMK X1CAhlmXTMKnqylIU1G/tmJvyqnMGh7B3O8X7yXoJ6vfLbczUmzkbCnNfnXrnVuQ/kGh aIZQ== X-Gm-Message-State: ALoCoQl+yCUW0kl8meoU4Cqt2MXw4WoQC9xTV1W7jCXQq5Q6EjP5urm6kLwfB2KsMMRibJDxV43B X-Received: by 10.140.82.144 with SMTP id h16mr52598216qgd.40.1416430970680; Wed, 19 Nov 2014 13:02:50 -0800 (PST) Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id e2sm313408qac.34.2014.11.19.13.02.49 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Wed, 19 Nov 2014 13:02:50 -0800 (PST) From: Ted Zlatanov To: Lars Magne Ingebrigtsen Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 19 Nov 2014 16:03:21 -0500 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Tue, 18 Nov 2014 19:01:33 +0100") Message-ID: <878uj6c38m.fsf@lifelogs.com> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 19098 Cc: 19098@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Tue, 18 Nov 2014 19:01:33 +0100 Lars Magne Ingebrigtsen wrote: LMI> The new NSM code uncovered this problem: LMI> -------- LMI> Certificate issued by GeoTrust SSL CA - G3 LMI> Issued to Tumblr, Inc. LMI> Certificate host name: *.media.tumblr.com LMI> Public key: RSA, signature: RSA-SHA256, security level: Low LMI> Valid from: 2014-09-30, valid to: 2016-04-08 LMI> The TLS connection to 33.media.tumblr.com:443 is insecure LMI> for the following reason: LMI> certificate could not be verified LMI> -------- LMI> So the host checking code in, I think, gnutls-negotiate should be LMI> extended to understand things like "*.media.tumblr.com". For the hostname check, we use gnutls_x509_crt_check_hostname() which, according to the docs, will handle wildcards. But that's not the source of this error :) The error you cite comes from gnutls.c: #+begin_src c ret = fn_gnutls_certificate_verify_peers2 (state, &peer_verification); #+end_src and is caused by the GNUTLS_CERT_INVALID flag. But I don't see a hint anywhere that it does not work with wildcard certs (you have to explicitly disable them, so the assumption is that they work by default). Also, if you set `gnutls-verify-error' to t, do you get the corresponding error in the non-NSM flow? "$HOSTNAME certificate could not be verified." Finally, can you verify the cert with gnutls-cli? If it's valid, I'll ask on the GnuTLS mailing list because I'm probably missing something. For me it fails: #+begin_src text % gnutls-cli 33.media.tumblr.com [nsm] Resolving '33.media.tumblr.com'... Connecting to '209.197.3.20:443'... - Certificate type: X.509 - Got a certificate list of 4 certificates. - Certificate[0] info: - subject `C=US,ST=New York,L=New York,O=Tumblr\, Inc.,CN=*.media.tumblr.com', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust SSL CA - G3', RSA key 2048 bits, signed using RSA-SHA256, activated `2014-09-30 00:00:00 UTC', expires `2016-04-08 23:59:59 UTC', SHA-1 fingerprint `099be258615288fba254ee2cf428422be6c8f3ca' - Certificate[1] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust SSL CA - G3', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-11-05 21:36:50 UTC', expires `2022-05-20 21:36:50 UTC', SHA-1 fingerprint `5aeaee3f7f2a9449cebafeec68fdd184f20124a7' - Certificate[2] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust SSL CA - G3', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA256, activated `2013-11-05 21:36:50 UTC', expires `2022-05-20 21:36:50 UTC', SHA-1 fingerprint `5aeaee3f7f2a9449cebafeec68fdd184f20124a7' - Certificate[3] info: - subject `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', issuer `C=US,O=GeoTrust Inc.,CN=GeoTrust Global CA', RSA key 2048 bits, signed using RSA-SHA1, activated `2002-05-21 04:00:00 UTC', expires `2022-05-21 04:00:00 UTC', SHA-1 fingerprint `de28f4a4ffe5b92fa3c503d1a349a7f9962a8212' - The hostname in the certificate matches '33.media.tumblr.com'. - Peer's certificate issuer is unknown - Peer's certificate is NOT trusted - Version: TLS1.2 - Key Exchange: RSA - Cipher: ARCFOUR-128 - MAC: SHA1 - Compression: NULL - Handshake was completed #+end_src Ted From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 08 15:12:11 2014 Received: (at 19098) by debbugs.gnu.org; 8 Dec 2014 20:12:11 +0000 Received: from localhost ([127.0.0.1]:58139 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fC-00079o-Ob for submit@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:11 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:46713) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fA-00079e-Km for 19098@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:09 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Xy4er-0006C7-Pl for 19098@debbugs.gnu.org; Mon, 08 Dec 2014 21:11:49 +0100 From: Lars Magne Ingebrigtsen To: 19098@debbugs.gnu.org Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates References: <878uj6c38m.fsf@lifelogs.com> X-Now-Playing: David Bowie's _The Next Day_: "Where Are We Now?" X-Hashcash: 1:23:141208:19098@debbugs.gnu.org::UOqAjFkrpZtdVhw+:0000000000000000000000000000000000000000s92f Date: Mon, 08 Dec 2014 21:11:49 +0100 In-Reply-To: <878uj6c38m.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 19 Nov 2014 16:03:21 -0500") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Xy4er-0006C7-Pl X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1418674309.93011@f1ujfqxuCEK14W9ludFkDA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 19098 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ted Zlatanov writes: > and is caused by the GNUTLS_CERT_INVALID flag. But I don't see a hint > anywhere that it does not work with wildcard certs (you have to > explicitly disable them, so the assumption is that they work by > default). Also, if you set `gnutls-verify-error' to t, do you get the > corresponding error in the non-NSM flow? "$HOSTNAME certificate could > not be verified." Yes: Debugger entered--Lisp error: (error "Certificate validation failed 33.media.tumblr.com, verification code 2") gnutls-boot(#> gnutls-x509pki (:priority "NORMAL" :hostname "33.media.tumblr.com" :loglevel 0 :min-prime-bits 256 :trustfiles ("/etc/ssl/certs/ca-certificates.crt") :crlfiles nil :keylist nil :verify-flags nil :verify-error t :callbacks nil)) So I think the certificate just couldn't be verified, so this bug report is, like, totally bogus, man. Closing. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 08 15:12:14 2014 Received: (at control) by debbugs.gnu.org; 8 Dec 2014 20:12:14 +0000 Received: from localhost ([127.0.0.1]:58142 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fG-0007A4-Fa for submit@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:14 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:46719) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xy4fD-00079v-TZ for control@debbugs.gnu.org; Mon, 08 Dec 2014 15:12:12 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Xy4ev-0006CF-L1 for control@debbugs.gnu.org; Mon, 08 Dec 2014 21:11:53 +0100 Date: Mon, 08 Dec 2014 21:11:53 +0100 Message-Id: To: control@debbugs.gnu.org From: Lars Magne Ingebrigtsen Subject: control message for bug #19098 X-MailScanner-ID: 1Xy4ev-0006CF-L1 X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1418674314.20453@Scg+pnq+Ingjxos25lbSuA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) tags 19098 notabug close 19098 From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 10 11:07:29 2014 Received: (at 19098-done) by debbugs.gnu.org; 10 Dec 2014 16:07:29 +0000 Received: from localhost ([127.0.0.1]:60785 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XyjnR-0004pr-Su for submit@debbugs.gnu.org; Wed, 10 Dec 2014 11:07:29 -0500 Received: from mail-qg0-f53.google.com ([209.85.192.53]:40675) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XyjnN-0004pb-CU for 19098-done@debbugs.gnu.org; Wed, 10 Dec 2014 11:07:25 -0500 Received: by mail-qg0-f53.google.com with SMTP id l89so2283370qgf.26 for <19098-done@debbugs.gnu.org>; Wed, 10 Dec 2014 08:07:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=4I/Vij6tgjRYgC+DJ2TEAcUvY8T4iLkVPElY3BINi94=; b=I4pFwZa48Q8S3JNh3loGLtUD6v5bcET4foaf8hk1ff75yKKChxp1LzO4QcDyl6QOhc 9SX8WQDMe5bzvGyubdvojsizmFIwySIHNZsAdLDoZB/rJreN63MtGTimy5E0IXh0FSWV gnUZdYTvK8stemO0PwiNZ/LJ8ZWWZk6USW2N4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=4I/Vij6tgjRYgC+DJ2TEAcUvY8T4iLkVPElY3BINi94=; b=ZFygpEwvyfoLBEpJy8qX5M6f4zvYtJaZOeFeJ3j+6CapyizHvQFCukZmu5E0571OUN zBPyMj4BlZ54ldulRPc2/tR/bpdz/wH1hqR/Alzb+sehiCE21D+nHFHFjMP1ic+g4HND T6x11WXY2yCgbp6Ynhlkf1mNfaXFUSfHiBo42JRXeebxBNPamwbWI/ERYBz0suJN8/Dd Nw5qXGgc9FPxzewLDas0Reb1JRYGy9HHL6HiK04qnP41sGAxHlXFSGX4FcF82ej/c6aq g754sT713nNiS4frb0tH8qAPw7L/b2k4+4OIAPHAVGRCBF3pEjdq0McV2SiNRIksRFLc e39A== X-Gm-Message-State: ALoCoQnxip4p3EASHlao3u+dd7REtwG/7Uz44Nk2rVHOZnRWQSKy0YaZjW7RfoaeUnEJyDwfaQid X-Received: by 10.140.40.209 with SMTP id x75mr9103785qgx.80.1418227640936; Wed, 10 Dec 2014 08:07:20 -0800 (PST) Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id d7sm4566811qar.27.2014.12.10.08.07.10 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Wed, 10 Dec 2014 08:07:10 -0800 (PST) From: Ted Zlatanov To: Lars Magne Ingebrigtsen Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: <878uj6c38m.fsf@lifelogs.com> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 10 Dec 2014 11:08:04 -0500 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Mon, 08 Dec 2014 21:11:49 +0100") Message-ID: <87d27r8p3v.fsf@lifelogs.com> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 19098-done Cc: 19098-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Mon, 08 Dec 2014 21:11:49 +0100 Lars Magne Ingebrigtsen wrote: LMI> So I think the certificate just couldn't be verified, so this bug report LMI> is, like, totally bogus, man. Excellent. LMI> Closing. I didn't see a CC to 19098-done@debbugs.gnu.org so I'm doing it here. If you did it in some other backchannel, how am I supposed to know? HOW!?!?!?!?! :) Ted From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 10 11:27:39 2014 Received: (at 19098) by debbugs.gnu.org; 10 Dec 2014 16:27:39 +0000 Received: from localhost ([127.0.0.1]:60837 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xyk70-0005OM-Mw for submit@debbugs.gnu.org; Wed, 10 Dec 2014 11:27:38 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:54605) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Xyk6x-0005OC-QU for 19098@debbugs.gnu.org; Wed, 10 Dec 2014 11:27:36 -0500 Received: from cm-84.215.51.58.getinternet.no ([84.215.51.58] helo=stories.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Xyk6f-0001qw-BC; Wed, 10 Dec 2014 17:27:17 +0100 From: Lars Magne Ingebrigtsen To: 19098@debbugs.gnu.org Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates References: <878uj6c38m.fsf@lifelogs.com> <87d27r8p3v.fsf@lifelogs.com> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAKlBMVEVNDC43GSJEGigyFyAu HR9OOD4yDh86FSM9ISndAoQ3FCJTEi2wBmsnDxqWqYGdAAABbUlEQVQ4jXWTPU5DMQzHewd6BLaK lYXVw1u8tVIlToEYeoE35AAMPAlmVgRT1detDFXDAC8IEM1dsJ00zVctNYrer/bfduyRJQMA5AOa Zq4apdR8NhvZE1YHgBABDDdDgSMAkYthYPy9BTTuDgYYfOm3a5+bHED/d2DmDI0IIXIk0eDrtGkT iVjccpk1IPVzrAwY0cXSIwAUZw8Ge7V6mezGH2trqJijh14tO73tdv3DbX8uggyGXd9F9k6tkpbY zy6xdfDIwL2kzuCn01qvyJ4nfE6lYYd0v+Ub2Sv3P4BlFEmewXiwjYDrrirBGBADiJO6MKzRlIDK IA8H/hIAGHqVgA2EAu0+aRXPDbQ1QC9ZAxvxcOn+xuCR0sUqYAefbgLuZB4d2OttDtRxSobLp8Xi 5gypUwTafHFoQpAHSeUA5TGy2bWyS0ILcIhXAmSNfA1inwIY96uEwhMe3qoayX6kwgawKYDsQBif iv0DAXAmRm4hEfgAAAAASUVORK5CYII= X-Now-Playing: Interpol's _Turn On the Bright Lights (1)_: "Leif Erikson" X-Hashcash: 1:23:141210:19098-done@debbugs.gnu.org::vH2YDdYtLNKWLg6x:00000000000000000000000000000000001cmdn Date: Wed, 10 Dec 2014 17:27:16 +0100 In-Reply-To: <87d27r8p3v.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 10 Dec 2014 11:08:04 -0500") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Xyk6f-0001qw-BC X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1418833637.61286@Z1g97jp+/emRTp1vCrxtVA X-Spam-Status: No X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 19098 Cc: Ted Zlatanov X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ted Zlatanov writes: > LMI> Closing. > > I didn't see a CC to 19098-done@debbugs.gnu.org so I'm doing it here. > If you did it in some other backchannel, how am I supposed to know? > HOW!?!?!?!?! :) I use the `C' command in the summary mode of debbugs, which sends a message to control@debbugs or something... -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 10 11:33:26 2014 Received: (at 19098) by debbugs.gnu.org; 10 Dec 2014 16:33:26 +0000 Received: from localhost ([127.0.0.1]:60841 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XykCY-0005Yc-Gd for submit@debbugs.gnu.org; Wed, 10 Dec 2014 11:33:26 -0500 Received: from mail-qc0-f173.google.com ([209.85.216.173]:50741) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XykCT-0005YO-5o for 19098@debbugs.gnu.org; Wed, 10 Dec 2014 11:33:20 -0500 Received: by mail-qc0-f173.google.com with SMTP id i17so2408231qcy.32 for <19098@debbugs.gnu.org>; Wed, 10 Dec 2014 08:33:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=CO1/iBKH4XCDgcaLfvRahQHFGKuDurmIo0H6Sjb6yWE=; b=bK9K/R/V0TSSf4sadbANuDAzEN0e48AsscGZGrbkMeyLOH+l9UEuoOnhAC6LYl5sqL 5/zQvgxkYQY/XuMrDcl8MypOupQ6mSDXvRzaqUaZ1HaduohNPS8ttU1XK74wunwVzPKH DBqpgKKm3wua/+JHhzAFEJteQB0sj5C6+TWdk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=CO1/iBKH4XCDgcaLfvRahQHFGKuDurmIo0H6Sjb6yWE=; b=T2Er4xomrI66gafENPiJEM/kQvZLUIWrFYlwnqfOMgxqwM17gMziF8Yzs7ZE3HQ/T6 tJf0qeQktE4su0o4kkDnAboJ2zT1V2MqOsnSvu+iV5h6pw/4S88yGBDlIiWtK8JjJ+2N thaZzjy1QE6XuovFS8L39Z6Y2WSIponN5f7kjEDH+yXWPlFa0HqxrzNZcdguDgqqn3tj xm+NGbkDpAky3q7HlvG6GP3AfT3o5kPJngycMPAUTiGn8uYvauGgpW6nby8xJpZ1R84q FpwM4GjsmL/SUP/OVmyyUJUT5lbpQLMYs3ydrBCpFjyvQiYWl3/lOS42ysicA2XeHETx S6Tw== X-Gm-Message-State: ALoCoQkuUah51pczY/1hPzJ/TwUkw+3P3iE8LiCxsllCrBhv4//xWhiTz6kJkIBk+MyimwrXn0Tr X-Received: by 10.229.176.198 with SMTP id bf6mr10418334qcb.12.1418229196541; Wed, 10 Dec 2014 08:33:16 -0800 (PST) Received: from flea (c-98-229-61-72.hsd1.ma.comcast.net. [98.229.61.72]) by mx.google.com with ESMTPSA id 7sm4640069qak.20.2014.12.10.08.33.15 for (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Wed, 10 Dec 2014 08:33:15 -0800 (PST) From: Ted Zlatanov To: Lars Magne Ingebrigtsen Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: <878uj6c38m.fsf@lifelogs.com> <87d27r8p3v.fsf@lifelogs.com> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 10 Dec 2014 11:34:09 -0500 In-Reply-To: (Lars Magne Ingebrigtsen's message of "Wed, 10 Dec 2014 17:27:16 +0100") Message-ID: <874mt38nwe.fsf@lifelogs.com> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 19098 Cc: 19098@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Wed, 10 Dec 2014 17:27:16 +0100 Lars Magne Ingebrigtsen wrote: LMI> Ted Zlatanov writes: LMI> Closing. >> >> I didn't see a CC to 19098-done@debbugs.gnu.org so I'm doing it here. >> If you did it in some other backchannel, how am I supposed to know? >> HOW!?!?!?!?! :) LMI> I use the `C' command in the summary mode of debbugs, which sends a LMI> message to control@debbugs or something... I usually don't use debbugs, but instead read nntp+news.gmane.org:gmane.emacs.bugs It would be nice if I could add something to Gnus to tell me the state of the bug, even outside of debbugs. Ted From debbugs-submit-bounces@debbugs.gnu.org Sun Dec 21 07:11:21 2014 Received: (at 19098) by debbugs.gnu.org; 21 Dec 2014 12:11:21 +0000 Received: from localhost ([127.0.0.1]:53456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2fM1-0001t6-8R for submit@debbugs.gnu.org; Sun, 21 Dec 2014 07:11:21 -0500 Received: from hermes.netfonds.no ([80.91.224.195]:51486) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y2fLy-0001sx-Sj for 19098@debbugs.gnu.org; Sun, 21 Dec 2014 07:11:19 -0500 Received: from [138.62.237.24] (helo=building.gnus.org) by hermes.netfonds.no with esmtpsa (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from ) id 1Y2fLg-0000u2-R8 for 19098@debbugs.gnu.org; Sun, 21 Dec 2014 13:11:01 +0100 From: Lars Ingebrigtsen To: 19098@debbugs.gnu.org Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates References: <878uj6c38m.fsf@lifelogs.com> <87d27r8p3v.fsf@lifelogs.com> <874mt38nwe.fsf@lifelogs.com> Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEXX08yRjIX+/v0oKi6T maX///9SRjtSXW2OfGFqaWmNTVvhAAACSUlEQVQ4jcWUwWrcMBCGtYtLyG0HRBLdFpM+gUFLbhJV 2vq6kAcwLnJ97MVCx0AOyVHEWJ237YycTWhJzh0MWutj/vk9M6y4+yDE/wb16eVYnhMwW+fqer+t r+t9VV+b+gSsdM6BdABWgZPz7gUct/WWEuq9oKPEKWM27lpsKiHdP8WNEXshxN5Uf4OjeDc+iSMi gsKMmIBtWI8cBJKiM2V+SwDmDSDG9AIwJedeQciRfqwACUzlJJADgVgoVQNYThkAOQwEuJQ0Fl9B RCo/TZSRpJVGLRhCKDXoKk9+8AGB7KoGfYwjgaZEfyhuQdoF4yql/ZDJVJQKpbO2WshgjkWKImCc gYCrzFcqkcMKuFpkoStw9oyUJn9LUnEgHxiSUlePP505ZzOc4cMwhBCHlC6eHu9h10a6X4E/BHJE n50sPEGOdL+Cpu9cAqXgN8BGUXNWMMS+STBiBqlAim+k4L2+ZVeDR3UI0ygBHqrLSXsFigCVQrXo ZRmTsyDa3NEmKZIqAyQQf+GD3RH44SiVQIu4jL1+HjuFqqvUJWU4S8CU5ob+Bse5nW2bR2kdZ5iW tXA5LHpUpq0ub16A23A386SJz4ImguSagRSQIPcDDZDXiqZIEgw60Sa40Gh5fjaBA5sDd9ebs6gS Lw4Hjfd7Wifo5y+NHyib5kedxHvVrWCEZx66HyIvK60xGV8BLl4z0pE3W+lGqwKaG9/7HJggOW29 7kRpSXPw1P8w9ax3vhEwO7F3DHQBHL5pDr3mxaNe3dXvxucP/xn+AMAjfGPrdBE8AAAAAElFTkSu QmCC X-Now-Playing: burn's _306 (Back to the 80s)_: "Split!Oval, _Liturgy!02-Oval_-_Kreak" Date: Sun, 21 Dec 2014 13:10:59 +0100 In-Reply-To: <874mt38nwe.fsf@lifelogs.com> (Ted Zlatanov's message of "Wed, 10 Dec 2014 11:34:09 -0500") Message-ID: <87ioh5yzho.fsf@building.gnus.org> User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-MailScanner-ID: 1Y2fLg-0000u2-R8 X-Netfonds-MailScanner: Found to be clean X-Netfonds-MailScanner-From: larsi@gnus.org MailScanner-NULL-Check: 1419768661.24441@fNgmNr75bhhQB/qQkta7Cg X-Spam-Status: No X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 19098 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) Ted Zlatanov writes: > It would be nice if I could add something to Gnus to tell me the state > of the bug, even outside of debbugs. The debbugs interface is basically one mbox file per bug. The state of the bug is in the first "email" in that mbox file. So Gnus would have to pull down that mbox file to determine the state of the bug. I think the right solution here is "just use debbugs-gnu". :-) -- (domestic pets only, the antidote for overdose, milk.) bloggy blog http://lars.ingebrigtsen.no/ From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 24 07:49:33 2014 Received: (at 19098) by debbugs.gnu.org; 24 Dec 2014 12:49:33 +0000 Received: from localhost ([127.0.0.1]:56335 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y3lNZ-0005Xc-HF for submit@debbugs.gnu.org; Wed, 24 Dec 2014 07:49:33 -0500 Received: from mail-ie0-f180.google.com ([209.85.223.180]:35047) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Y3lNT-0005XP-M6 for 19098@debbugs.gnu.org; Wed, 24 Dec 2014 07:49:28 -0500 Received: by mail-ie0-f180.google.com with SMTP id rp18so7603898iec.39 for <19098@debbugs.gnu.org>; Wed, 24 Dec 2014 04:49:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lifelogs.com; s=google; h=from:to:cc:subject:organization:references:mail-copies-to :gmane-reply-to-list:date:in-reply-to:message-id:user-agent :mime-version:content-type; bh=8p7y5IaxKuMYQNlT7UoY+Zsf/FZ4cyTjupJuMHII5Hw=; b=bJpKnqkXbdayeFmOOoSX6kLGp3z4QpIEkhKXZNGa6u48HXLVUAm4pDjCTWpxsctKcv VmXpew5Mt3UKrGqTRmTQ8H6P6xdeYpOfTrO/qT1RTogwEVtWpWkhlmcPrG267XsQnc6L kw7RJZZ1FcCyn9jXoqgIYL0hh6GH6Az2yV8Io= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:organization:references :mail-copies-to:gmane-reply-to-list:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=8p7y5IaxKuMYQNlT7UoY+Zsf/FZ4cyTjupJuMHII5Hw=; b=co6yi1y6JPsmqGKkwoHoni6rUgwTBv1ApeLkHJO8uwl1YGygIPXqeedN4Arrw1HKTa MUmGl8pJ0goZqrzni/z0S8qqpxyON+ghpYpqs3t7JqVKUUn+bDLw4bpWEPtQVbfmdYvN WPzLua453/SjhleJVTXrrmbc7/Uk2kwCyJgomkhceRd6BcvAT60R9oVLcpN2lbGxdPU1 hI7OxYoElvem5GImYpqAf8D9/mR4wxACY+AczntRKHWbED0k8OcrDpDxj5yk9C7PS0Sb zPu0rg6sSi+Jk8VRFKqYtxC+cqtHAlmPA6pnJkT/eKWakHbHbuQulclIUYNr9QvB9o8b x7Mg== X-Gm-Message-State: ALoCoQlbeFQTTd6+yzn0iFgc8M9f22IiPJJaSX9ANfcKf8XM3XvkMuYd2WsE/uA5PKW0DY7gwNhJ X-Received: by 10.107.130.30 with SMTP id e30mr29916378iod.87.1419425362913; Wed, 24 Dec 2014 04:49:22 -0800 (PST) Received: from bug.local ([50.153.236.5]) by mx.google.com with ESMTPSA id q196sm11305599ioe.5.2014.12.24.04.49.21 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 24 Dec 2014 04:49:22 -0800 (PST) From: Ted Zlatanov To: Lars Ingebrigtsen Subject: Re: bug#19098: 24.4.51; gnutls.c doesn't handle wildcard certificates Organization: =?utf-8?B?0KLQtdC+0LTQvtGAINCX0LvQsNGC0LDQvdC+0LI=?= @ Cienfuegos References: <878uj6c38m.fsf@lifelogs.com> <87d27r8p3v.fsf@lifelogs.com> <874mt38nwe.fsf@lifelogs.com> <87ioh5yzho.fsf@building.gnus.org> X-Face: bd.DQ~'29fIs`T_%O%C\g%6jW)yi[zuz6; d4V0`@y-~$#3P_Ng{@m+e4o<4P'#(_GJQ%TT= D}[Ep*b!\e,fBZ'j_+#"Ps?s2!4H2-Y"sx" Mail-Copies-To: never Gmane-Reply-To-List: yes Date: Wed, 24 Dec 2014 07:49:20 -0500 In-Reply-To: <87ioh5yzho.fsf@building.gnus.org> (Lars Ingebrigtsen's message of "Sun, 21 Dec 2014 13:10:59 +0100") Message-ID: User-Agent: Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (darwin) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 19098 Cc: 19098@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.7 (/) On Sun, 21 Dec 2014 13:10:59 +0100 Lars Ingebrigtsen wrote: LI> Ted Zlatanov writes: >> It would be nice if I could add something to Gnus to tell me the state >> of the bug, even outside of debbugs. LI> The debbugs interface is basically one mbox file per bug. The state of LI> the bug is in the first "email" in that mbox file. So Gnus would have LI> to pull down that mbox file to determine the state of the bug. LI> I think the right solution here is "just use debbugs-gnu". :-) ...but it's sooooo close to being a proper Gnus backend! Have mercy! (Hmmm, could it be a plugin backend? I think that would be a first.) Ted From unknown Fri Aug 15 12:51:31 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 22 Jan 2015 12:24:04 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator